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WHAT IS CLAIMED IS : 

1 . A method for automated discovery of data comprising: 

defining at least one source resource containing a set of information objects, wherein the 
set of information objects defines a set of users; 

discovering said set of users from said source resource; 

defining an additional resource containing a second set of information objects, wherein 
each information object from said second set of information objects corresponds to a user from 
said set of users; 

discovering said second set of information objects from said additional resource based 
on said additional resource definition; and 

associating each information object from said second set of information objects with the 
corresponding user from said set of users and with said additional resource. 

2. The method of claim 1 , further comprising: 
defining a correlation rule; and 

associating each information object from said second set of information objects with the 
corresponding user form said set of users based on said correlation rule. 

3. The method of Claim 1 , further comprising: 
defining a correlation rule; 

discovering said set of users from multiple source resources; and 

rejecting duplicate users from said set of users based on said correlation rule. 

4. The method of Claim 1 , further comprising: 

creating a virtual identity for each user from said set of users, wherein each virtual 
identity includes an information object list associating at least one of said information objects 
from said second set of information objects with the corresponding user and with the said 
second resource. 

5. The method of Claim 4, wherein said information object list comprises; 
an information object name; and 
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a resource name, wherein the resource name corresponds to the resource from which 
the information object corresponding to the information object name was discovered. 

6. The method of Claim 1 , further comprising: 

providing connection information for said source resource; and 
providing connection information for said additional resource. 

7. The method of Claim 6, wherein the connection information for said source resource 
includes a hostname, a port, a username and a password and wherein the connection 
information for said additional resource includes a hostname, a port, a username and a 
password. 

8. The method of Claim 1 , further comprising defining a schema map, wherein the 
schema map maps an attribute from said source resource to a virtual attribute. 

9. The method of Claim 1, further comprising a schema map, wherein said schema map 
maps an attribute from said additional resource to a virtual attribute. 

10. The method of Claim 9, further comprising: 

creating a virtual identity for each user from said set of users, wherein each virtual 
identity includes an information object list associating at least one of said information objects 
from said second set of information objects with the corresponding user. 

1 1 . The method of Claim 4, wherein said information object list comprises: 
an information object name; and 

a resource name, wherein the resource name corresponds to the resource from which 
the information object corresponding to the information object name was discovered. 
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12. A method of discovering users and accounts comprising: 

defining at least one source resource containing a first set of user accounts from which a 

set of users are discoverable; 

discovering said set of users based on said set of user accounts; and 
associating each user account from said first set of user accounts with the 

corresponding user and with said source resource. 

13. The method of Claim 12, wherein said first set of user accounts resides on multiple 
source resources, further comprising: 

defining a correlation rule; 

discovering said set of users from said multiple source resources; and 
rejecting duplicate users according to said correlation rule. 

14. The method of Claim 12 further comprising: 

defining an additional resource containing a second set of user accounts, wherein each 
user account from said second set of user accounts corresponds to a user from said set of 
users; 

discovering said second set of user accounts based on said additional resource 
definition; and 

associating each of said second set of user accounts with the corresponding user from 
said set of users and with said additional resource. 

15. The method of Claim 14, further comprising: 
defining a correlation rule; 

associating each of said second set of user accounts with a user from said set of users 
based on said correlation rule. 

16. The method of Claim 15, further comprising: 

creating a virtual identity for each user, wherein said virtual identity includes and account 
list associating resource accounts to the corresponding user. 

17. The method of Claim 14, further comprising identifying said additional resource. 
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18. The method of Claim 14, further comprising defining a schema map for said 
additional resource. 

19. The method of Claim 18, further comprising mapping an attribute from said second 
set of resource accounts to a virtual attribute. 

20. The method of Claim 12, further comprising defining one or more roles for one or 
more users. 
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21 . A system for discovering information on a network comprising: 
a computer readable medium; and 

a software program stored on said computer readable memory and executable by a 
computer processor to: 

receive a source resource definition, wherein said source resource contains a 
first set of information objects from which a set of users are discoverable; 

connect to said source resource; 

discover said user names; 

receive a second resource definition, wherein said second resource contains a 
second set of information objects and wherein each of said second set of information objects 
corresponds to a user from said set of users; 

discover said second set of information objects from said second resource; 
p associate each information object from said second set of information objects 

§3 with the corresponding user. 
; % i ■ 

IP 22. The system of Claim 21 , wherein said software program is further executable to: 

W 

f '■ receive a correlation rule; and 

W associate each information object from said second set of information objects with the 

PJ 

p corresponding user based on said correlation rule. 

"4 5 

Ik 23. The system of Claim 21 , further comprising: 

receiving a schema map for said second resource, wherein said schema map maps 
attributes from said second resource to virtual attributes. 

24. The system of Claim 23, wherein said virtual attributes are stored an identity index. 

25. The system of Claim 21 , further comprising creating a virtual identity for each user 
from said set of users. 

26. The system of Claim 25, wherein said virtual identity includes an information object 
list associating said user with corresponding information objects. 
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27. A system for discovering information on a network comprising: 
a computer readable medium; and 

a software program stored on said computer readable memory and executable by a 
computer processor to: 

receive a source resource definition, wherein said source resource contains a 
first set of resource from which a set of users are discoverable; 

connect to said source resource; 

discover said user names; 

receive a second resource definition, wherein said second resource contains a 
second set of resource accounts and wherein each of said second set of resource accounts 
corresponds to a user from said set of users; 

discover said second set of resource accounts from said second resource; 

associate each resource account from said second set of resource accounts with 
the corresponding user. 

28. The system of Claim 27, wherein said software program is further executable to: 
receive a correlation rule; and 

associate each resource account from said second set of resource accounts with the 
corresponding user based on said correlation rule. 

29. The system of Claim 27, further comprising: 

receiving a schema map for said second resource, wherein said schema map maps 
attributes from said second resource to virtual attributes. 

30. The system of Claim 29, wherein said virtual attributes are stored an identity index. 

31 . The system of Claim 27, further comprising creating a virtual identity for each user 
from said set of users. 

32. The system of Claim 31 , wherein said virtual identity includes an resource account 
list associating said user with corresponding resource accounts. 
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33. A method for automated discovery of data comprising: 

receiving from a first administrator a definition of at least one source resource containing 
a set of information objects, wherein the set of information objects defines a set of users; 
discovering said set of users from said source resource; 

receiving from said first administrator a definition a second resource containing a second 
set of information objects, wherein each information object from said second set of information 
objects corresponds to a user from said set of users; 

discovering said second set of information objects from said additional resource; and 
associating each information object from said second set of information objects with the 
corresponding user from said set of users. 

34. The method of Claim 33, further comprising: 

receiving from a second administrator a definition of at least one additional resource 
containing a third set of information objects, wherein each information object from said third set 
of information objects corresponds to a user from said set of users; 

associating each information object from said third set of information objects with the 
corresponding user from said set of users. 

35. The method of Claim 34, further comprising, receiving a stray account definition 
from an end user. 
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36. A method for discovering information comprising: 

receiving a source resource definition from a first administrator, wherein a set of users 
are discoverable from said source resource; 

discovering said set of users from said source resource; 

receiving an additional resource definition from a second administrator, wherein said 
additional resource contains information objects corresponding to each user from said set of 
users; 

discovering said information objects from said additional resource; and 
associating said information objects with said users from said set of users. 

37. The method of claim 36, wherein said information objects comprise user accounts. 

38. The method of Claim 36, further comprising, receiving a user resource definition 
from an end-user, wherein said user resource contains an additional information object 
corresponding to said user; and 

associating said additional information object with said user. 

39. The method of Claim 38, wherein said additional information object comprises a 
user account. 

40. The method of Claim 38, further comprising: 

requiring authentication from said user before associating said additional information 
object with said user. 
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41 . A method for discovering data comprising: 

defining a first resource containing information objects defining at least one user from a 
set of users; 

discovering said information objects based on said first resource definition; 
associating each of said information objects with a user from said set of users and with 
said first resource. 

42. The method of Claim 41 wherein said resource comprises a source resource. 

43. The method of Claim 41 further comprising: 
defining a source resource; and 

discovering said set of users from said source resource. 

44. The method of Claim 41, wherein said information objects comprise user accounts. 

45. The method of Claim 44, further comprising: 

creating a virtual identity for each user from said set of users; 

maintaining a resource account list for each virtual identity, wherein the resource 
account list for each virtual identity lists the resource accounts with which the corresponding 
user is associated and the resource from which each resource account was discovered. 

46. The method of Claim 45, further comprising: 

defining a schema map for said first resource, wherein said schema map maps an 
attribute from said first resource to a virtual attribute. 

47. The method of Claim 41 , further comprising, defining a role for at least one user 
from said set of users. 
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48. A method of discovering information comprising: 

receiving a first resource definition from a first administrator, wherein said first resource 
contains a first set of information objects defining at least one user from a set of users; 

receiving a second resource definition from a second administrator, wherein said second 
resource contains a second set of information objects defining at least one user from said set of 
users; 

discovering said first set of information objects from said first resource; 

associating each information object from said first set of information objects with at least 
one user from said set of users and with said first resource; 

discovering said second set of information objects from said second resource; and 

associating each information object from said second set of information objects with at 
least one user from said set of users and with said second resource. 

49. The method of Claim 48 further comprising: 

receiving a first source resource definition from said first administrator, wherein said 
source resource contains information objects defining at least a first portion of said set of users; 
and 

discovering at least said first portion of said set of users from said first source resource. 

50. The method of Claim 49, further comprising: 

receiving a second source resource definition from said second administrator, wherein 
said second source resource contains information objects defining at least a second portion of 
said set of users; and 

discovering at least said second portion of said set of users from said second source 
resource. 

51 . The method of Claim 50 further comprising: 

receiving a third resource definition from an end-user, wherein said third resource 
contains a stray information object; 

discovering said stray information object from said third resource; and 

associating said stray information object with said end-user and with said third resource. 
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52. A method for discovering information comprising: 

defining a plurality of resources, wherein each of the plurality of resources contains a set 

of information objects defining at least one user from a set of users; 

discovering said sets of information objects from each of the plurality of resources; and 
associating each information object from said sets of information objects with a user 

from said set of users and with the resource from which the corresponding information object 

was discovered. 

53. The method of Claim 52, further comprising: 

defining at least one source resource from which said set of users are discoverable; and 
discovering said set of users from said at least one source resource. 

54. The method of Claim 53, further comprising: 

associating each source resource information object from a set of source resource 
information objects with a user from said set of users and with said source resource, wherein 
said source resource further comprises said set of source resource information objects defining 
said set of users. 

55. The method of Claim 52, further comprising: 
defining a correlation rule; and 

associating each information object from said sets of information objects with a user 
based on said correlation rule. 

56. The method of Claim 52, wherein each information object comprises a resource 
account. 

57. The method of Claim 56, further comprising creating a virtual identity for each user, 
wherein each said virtual identity comprises a resource account list comprising a list of 
information objects associated with the corresponding user and the resource from which each 
such information object was discovered. 
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58. The method of Claim 52, further comprising providing connection information for 
each of the plurality of resources. 

59. The method of Claim 52, further comprising defining at least one role for at least one 
user from said set of users, wherein said at least one role defines a set of resources from said 
plurality of resources from which information objects will be discovered for the corresponding 
user. 
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